Honeypots
Few questions about sp800-31 Nov 27 2006 01:27PM
Kuznetsov A.N. (pm_kan mail ru) (1 replies)
Re: Few questions about sp800-31 Nov 27 2006 09:07PM
Valdis Kletnieks vt edu
On Mon, 27 Nov 2006 16:27:09 +0300, "Kuznetsov A.N." said:
> Hi list,
> recently I have read sp800-31(NIST Special Publication on Intrusion Detection
> System) and have some questions about it.
>
> On page 28 they wrote about disadvantages of Honey Pots and Padded Cells
> - The legal implications of using such devices are not well defined
> What kind of problems with law can any have when using Honey Pot or Padded Cell?
> The best thing I can guess that it can be some problems if IDS redirect legal
> user to Padded Cell and he get wrong info.

A bigger issue (at least in the US) is if you divert a legitimate user to a
Padded Cell environment, and your SLA/EULA/contract/whatever doesn't give
advance notice that the user's traffic may be sampled/captured. On the one
hand, 18 USC 2511 (2)(a)(i) gives *some* wiggle room - it depends on whether
you think a honeypot/padded cell is allowed under "... provider of wire
communication service to the public shall not utilize service observing or
random monitoring except for mechanical or service quality control checks."
On the other hand, if a padded cell isn't a "service quality control check",
you may have a problem....

http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511----0
00-.html

Most of these problems are easily worked around if you have a prior notice
that "All traffic may be monitored" or similar, as intercepts with permission
(even implicitly given by using the service after being informed of the
monitoring) is usually OK.

I am *NOT* a lawyer, and if the exact details matter, I suggest you hire one
of your own....
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQFFa1OMcC3lWbTT17ARAnfuAJ9h8WUW3RKl8DW200mgcRA3jPwOuQCgprdb
jhFr6STza8stwkTiGhTpbjE=
=1xQF
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus